Home > Uncategorized > Block FTP access using csf firewall

Block FTP access using csf firewall

September 4th, 2012 Leave a comment Go to comments

To completely disable the FTP access on the server follow the below steps:

[email protected][#] vi /etc/csf/csf.conf

Search for the lines:
# Allow incoming TCP ports
TCP_IN =
and remove the port 21 from the list
Save and quit.

And then restart the CSF firewall using the below command:

[email protected][#] csf -r

If you want to block FTP access for a Specific IP then follow the below steps:

[email protected][#] vi /etc/csf/csf.deny

and add the line :
tcp:in:d=21:s=10.10.10.10

save and quit

And then restart CSF firewall using the below command:

[email protected][#] csf -r

If you want to allow FTP access for only one ip on the server and denied for all other IPS

[email protected][#] vi /etc/csf/csf.conf

Then search for the line:
# Allow incoming TCP ports
and the remove the ports : 21 and 22

also search for the line :

# Allow outgoing TCP ports
and remove the ports: 21 and 22

Save and quit

Then open the csf.allow file

[email protected][#] vi /etc/csf/csf.allow
and add the entry as :

tcp:in:d=21:s=10.10.10.10

Save and Quit.

And then restart the CSF service

[email protected][#] csf -r

Note: Replace the IP 10.10.10.10 with the Actual IP.

Categories: Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.
You must be logged in to post a comment.